In this Public Notice, the Enforcement Bureau (Bureau) responds to requests for guidance on the suggested
format and procedures for the filing of annual CPNI compliance certifications (CPNI Certifications) pursuant to 47 C.F.R. 64.2009(e). CPNI Certifications must be filed annually between January 1 and March 1, in accordance with the procedures outlined below.
Background. On April 2, 2007, the Commission released a Report and Order and Further Notice of Proposed Rulemaking in CC Docket No. 96-115 and WC Docket No. 04-36 (EPIC CPNI Order)1 in which the Commission strengthened its privacy rules, pursuant to section 222 of the Communications Act, as amended, by adopting additional safeguards to protect CPNI against unauthorized access and disclosure.2 One important change to the existing CPNI rules adopted in the EPIC CPNI Order is the requirement that all companies subject to the CPNI rules file annually, on or before March 1, a certification with the Commission pursuant to amended rule 47 C.F.R. 64.2009(e).3 This collection has been approved by OMB under control number 30600715. Prior to the 2008 annual filings, the Bureau released a Public Notice providing a suggested template that filing entities could use to meet the annual certification filing requirement.4

1 Implementation of the Telecommunications Act of 1996: Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information; IP-Enabled Services, CC Docket No. 96-115; WC Docket No. 04-36, Report and Order and Further Notice of Proposed Rulemaking, 22 FCC Rcd 6927 (2007)("EPIC CPNI Order").
2 See 47 U.S.C. 222.
3 47 C.F.R. 64.2009(e) states: "A telecommunications carrier must have an officer, as an agent of the carrier, sign and file with the Commission a compliance certificate on an annual basis. The officer must state in the certification that he or she has personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the rules in this subpart. The carrier must provide a statement accompanying the certification explaining how its operating procedures ensure that it is or is not in compliance with the rules in this subpart. In addition, the carrier must include an explanation of any actions taken against data brokers and a summary of all customer complaints received in the past year concerning the unauthorized release of CPNI. This filing must be made annually with the Enforcement Bureau on or before March 1 in EB Docket No. 06-36, for data pertaining to the previous calendar year."4 Public Notice, EB Provides Guidance on Filing on Annual Customer Proprietary Network Information (CPNI) Certifications Under 47 C.F.R. 64.2009(e), 08-171 (Jan. 29, 2008).Format of CPNI Certifications. The Bureau provides the attached suggested template that filing
entities can use to meet the annual certification filing requirement of 47 C.F.R. 64.2009(e). Use of this template is not mandatory, and any document that meets the requirements of the rule may be filed. Parties that elect to use the suggested template are encouraged to review the template carefully and to ensure that all fields are fully completed before submission.
Filing procedures. All filings must reference

Electronic Filers: Certifications may be filed electronically using the Internet by accessing the ECFS: https://www.fcc.gov/cgb/ecfs/. Filers should follow the instructions provided on the website for submitting comments.

In completing the transmittal screen, filers should include their full name, U.S. Postal Service mailing address, and the applicable docket or rulemaking number. Parties may also submit an electronic comment by Internet e-mail. To get filing instructions, filers should send an e-mail to ecfs@fcc.gov, and include the following words in the body of the message, "get form." A sample form and directions will be sent in response.

Paper Filers: Parties who choose to file by paper must file an original and four copies of each filing. Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail (although we continue to experience delays in receiving U.S. Postal Service mail). All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission.

The Commission's contractor will receive hand-delivered or messenger-delivered paper filings for the Commission's Secretary at 236 Massachusetts Avenue, NE., Suite 110, Washington, DC 20002. The filing hours at this location are 8:00 a.m. to 7:00 p.m. All hand deliveries must be held together with rubber bands or fasteners. Any envelopes must be disposed of before entering the building.

Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9300 East Hampton Drive, Capitol Heights, MD 20743.

U.S. Postal Service first-class, Express, and Priority mail should be addressed to 445 12th Street, SW,Washington DC 20554.

Annual 64.2009(e) CPNI Certification for [year]
Date filed: [date]
Name of company(s) covered by this certification: [company]
Form 499 Filer ID: [provide ID(s)]
Name of signatory: [name]
Title of signatory: [title]
I, [name of officer signing certification], certify that I am an officer of the company named above, and
acting as an agent of the company, that I have personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the Commission's CPNI rules. See 47 C.F.R. 64.2001 et seq.
Attached to this certification is an accompanying statement explaining how the company's procedures
ensure that the company [is/ is not] in compliance with the requirements set forth in section 64.2001 et seq. of the Commission's rules [attach accompanying statement].
The company [has/has not] taken any actions (proceedings instituted or petitions filed by a company at
either state commissions, the court system, or at the Commission against data brokers) against data brokers in the past year. Companies must report on any information that they have with respect to the processes pretexters are using to attempt to access CPNI , and what steps companies are taking to protect CPNI.If affirmative: [Provide explanation of any actions taken against data brokers]
The company [has/has not] received any customer complaints in the past year concerning the unauthorized release of CPNI (number of customer complaints a company has received related to unauthorized access to CPNI, or unauthorized disclosure of CPNI, broken down by category or complaint, e.g., instances of improper access by employees, instances of improper disclosure to individuals not authorized to receive the information, or instances of improper access to online information by individuals not authorized to view the information).If affirmative: [Provide summary of all customer complaints received in the past year concerning the unauthorized release of CPNI.]
Signed _____________________________ [signature]
3

Note: We are currently transitioning our documents into web compatible formats for easier reading.
We have done our best to supply this content to you in a presentable form, but there may be some formatting issues while we improve the technology.
The original version of the document is available as a PDF, Word Document, or as plain text.

You are leaving the FCC website

Click Here To Continue to

You are about to leave the FCC website and visit a third-party, non-governmental website that the FCC does not maintain or control. The FCC does not endorse any product or service, and is not responsible for, nor can it guarantee the validity or timeliness of the content on the page you are about to visit. Additionally, the privacy policies of this third-party page may differ from those of the FCC.